package SV_PATH;

import javax.servlet.ServletRequest;
import javax.servlet.http.*;
import java.io.*;
import java.io.IOException;

public class Vulnerable_01 {
    public void processUserProfile(ServletRequest req) throws IOException {
        // Source of data from HTTP request in servlet
        String userName = req.getParameter("userName");
        String profileDir = "";
        String profile = profileDir + File.separator + userName;
        BufferedReader reader = new BufferedReader(new FileReader(profile));
        try {
            //...
        } finally {
            reader.close();
        }
    }
}
